Wellis Inquiry.exe

General

Target: Wellis Inquiry.exe
Size: 329KB
Sample: 211014-f5eq5sgbdn
Score: 10/10
MD5: c357a8010e661a49df2e813bd22590b6
SHA1: 08ecd005e1449ec97d0405e83649686ae35f6286
SHA256: eef137583da6deb4a1be9882cede6cec5112b74ae79c0773f45b13346c5b2890
SHA512: 71957a0cd597213808b15b1abe9ce3df07889627b4a1b849362df07de6da3984803c6b2e6487338375a558dc9c1f0db32aee42fde89cee305078c22d6b92890e

Malware Config

Extracted

Family: xloader
Version: 2.5
Campaign: ag9v
C2: http://www.psychedeliccosmetics.com/ag9v/

Decoy


Targets

Target: Wellis Inquiry.exe


Tags

Signatures

  • Xloader
    Description: Xloader is a rebranded version of Formbook malware.

  • suricata: ET MALWARE FormBook CnC Checkin (GET)

  • Xloader Payload

  • Deletes itself

  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix

Tactic columns: Collection, Command and Control, Credential Access, Defense Evasion, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

static1

behavioral1
10/10

behavioral2
10/10